Feature Request: iterate through all matches of a $string using for..of about yara-project HOT 6 CLOSED

I think i'm understanding what you're asking for, but could you give an example 
of something that you would like to express using this feature. I don't find 
any situation that can't be expressed with  "$string at expression" or "$string 
in (expression..expresson)"

I found a situation where the proposed feature would be more natural than the 
current solution. For example if you want to guarantee that every occurrence of 
some string is inside a given offset range you could say:

for all ocurrence of $string: (@ > expression1 and @ < expression2)

That should be expressed now as:

not $string in (0..expression1) and not $string in (expression2..filesize)

It works, but is not very readable.

Thanks for the feedback. Here is an example of what I am trying to express:

rule example
{
  strings:
    $guid = { ... } // 16 bytes

  condition:
    for any of ($guid) : (int32(@ + 16 + x) < 0) // x being some constant/offset
}

I would like the expression to be evaluated for each occurrence of $guid and 
have the rule fire if expression is true for any occurrence in the "for any of" 
case.

Interesting, i didn't though about intXX(). People end up using yara in very 
creative ways :)

Well, it makes sense, so i'll try to included in next release.

Great! Thank you!

If it would be easier to point me in the right direction, I'd be more than 
happy to take a crack at it.

Cheers.

Feature added in version 1.5